13th Annual AusCERT Information Security Conference: 12th - 16th May 2014

Clinton Firth, CSC & Ian Brightwell, NSW Electoral Commission

Clinton Firth is one of CSC’s senior Cybersecurity leaders and currently holds the title of Director, Global Practice Management and Partner for the Cybersecurity consulting organisation. Clinton brings clients a unique business perspective as an experienced Cybersecurity executive with successful senior roles including consulting, managed security operations, threat intelligence and solution design. This is complemented with diversified experience and background that has spanned commercial, government and Defence clients.

Previous experience includes 13 years of service in the Australian Army’s intelligence community. Highlights of that service include numerous awards for service, overseas military operations, performance, and foreign militaries.
Clinton’s unique experience has helped many customers with Cybersecurity issues ranging from managed services to consultative threat intelligence, all conducted with a pragmatic, solution-orientated approach and delivery relevant to the client’s business.

Ian is a member of the management team at the NSW Electoral Commission. He is responsible for the provision of all IT infrastructure and information security for the Commission and manages a range of system development projects on behalf of business units.

He is also responsible for the electronic voting initiative (iVote) in NSW. iVote supports NSW’s technology-assisted voting legislation. NSW is one of the few jurisdictions in the world with an ongoing requirement for remote internet and phone voting at parliamentary elections. At this time only blind/low vision, disabled and absent electors can use the iVote system to vote. In 2011 some 46,684 electors voted with iVote.

Ian has postgraduate qualifications in engineering and information systems and has been responsible for the delivery of a diverse range of engineering and systems projects over a 35-year career.

Strategic Threat Intelligence Approach to e-voting in NSW 2015 election

The NSW Electoral Commission (NSWEC) is an e-voting leader in Australia, and one of the few jurisdictions in the world using internet voting on an ongoing basis for parliamentary elections. The nature of remote e-voting systems is such that a hybrid packaged and bespoke approach is required in order to provide a system in which the electors can have confidence. Given the high profile of elections in general, and with the added dimension of adopting new technological advances, e-voting provides a great target and opportunity for cyber attackers.

Elections are unique in that the voting transaction must be secret while the electoral process must be transparent. It is this tension between secrecy and transparency which makes the development and operation of e-voting such a unique challenge. This challenge creates a set of security risks which the NSWEC decided needed a threat-focused approach to support the design and implementation of NSWEC’s iVote application.

CSC assisted the NSWEC through the provision of its Strategic Threat Assessment consulting offering. CSC believes that the use of intelligence by militaries of the world during war has long been known as a way to successfully combat an enemy and is critical to the success of any operation. With the ever-increasing rate of global Cyber warfare targeted at organisations and government agencies, the traditional means of forming an IT security strategy and implementing controls is becoming a failing and outdated strategy. These traditional approaches are focused on broad defensive measures based on standards, compliance or perceived best practices that are not aligned to today’s complex landscape of Cyber warfare. Instead, NSWEC first assessed their threat landscape and understood who the threat actors are, including their capability and malicious intent towards the upcoming state election.

Intimate knowledge of relevant threats has enabled NSWEC to create an effective IT security strategy that is focused, efficient and relevant. The strategy includes monitoring of the threat actors for changes in their capability or intent, along with adaptive security posturing to respond to such changes or an incident. This has provided confidence in the security of e-voting, assurance to the commissioner and government, and ultimately integrity in the voting, which is core to our democracy.